b'                   AUDIT REPORT\n\n              Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n                      OIG-11-A-10       May 3, 2011\n\n\n\n\nAll publicly available OIG reports (including this report) are accessible through\n                              NRC\xe2\x80\x99s Web site at:\n             http:/www.nrc.gov/reading-rm/doc-collections/insp-gen/\n\x0c                                 UNITED STATES\n                         NUCLEAR REGULATORY COMMISSION\n                                 WASHINGTON, D.C. 20555-0001\n\n\n\nOFFICE OF THE\nINSPECTOR GENERAL\n\n\n                                          May 3, 2011\n\n\n\nMEMORANDUM TO:              R. William Borchardt\n                            Executive Director for Operations\n\n\n\nFROM:                       Stephen D. Dingbaum /RA/\n                            Assistant Inspector General for Audits\n\n\nSUBJECT:                    AUDIT OF NRC\xe2\x80\x99S OVERSIGHT OF ISFSI SECURITY\n                            (OIG-11-A-10)\n\n\nAttached is the Office of the Inspector General\xe2\x80\x99s (OIG) audit report titled, Audit of NRC\xe2\x80\x99s\nOversight of ISFSI Security.\n\nThe report presents the results of the subject audit. Agency comments provided at the\nApril 13, 2011, exit conference have been incorporated, as appropriate, into this report.\n\nPlease provide information on actions taken or planned on each of the\nrecommendations within 30 days of the date of this memorandum. Actions taken or\nplanned are subject to OIG followup as stated in Management Directive 6.1.\n\nWe appreciate the cooperation extended to us by members of your staff during the\naudit. If you have any questions or comments about our report, please contact me at\n415-5915 or Beth Serepca, Team Leader, Security and Information Management Audit\nTeam, at 415-5911.\n\nAttachment: As stated\n\x0cElectronic Distribution\n\nEdwin M. Hackett, Executive Director, Advisory Committee\n  on Reactor Safeguards\nE. Roy Hawkens, Chief Administrative Judge, Atomic Safety\n  and Licensing Board Panel\nStephen G. Burns, General Counsel\nBrooke D. Poole, Director, Office of Commission Appellate Adjudication\nJames E. Dyer, Chief Financial Officer\nMargaret M. Doane, Director, Office of International Programs\nRebecca L. Schmidt, Director, Office of Congressional Affairs\nEliot B. Brenner, Director, Office of Public Affairs\nAnnette Vietti-Cook, Secretary of the Commission\nR. William Borchardt, Executive Director for Operations\nMichael F. Weber, Deputy Executive Director for Materials, Waste,\n  Research, State, Tribal, and Compliance Programs, OEDO\nDarren B. Ash, Deputy Executive Director\n  for Corporate Management, OEDO\nMartin J. Virgilio, Deputy Executive Director for Reactor\n  and Preparedness Programs, OEDO\nMary C. Muessle, Assistant for Operations, OEDO\nKathryn O. Greene, Director, Office of Administration\nPatrick D. Howard, Director, Computer Security Office\nRoy P. Zimmerman, Director, Office of Enforcement\nCharles L. Miller, Director, Office of Federal and State Materials\n  and Environmental Management Programs\nCheryl L. McCrary, Director, Office of Investigations\nThomas M. Boyce, Director, Office of Information Services\nMiriam L. Cohen, Director, Office of Human Resources\nMichael R. Johnson, Director, Office of New Reactors\nCatherine Haney, Director, Office of Nuclear Material Safety\n  and Safeguards\nEric J. Leeds, Director, Office of Nuclear Reactor Regulation\nBrian W. Sheron, Director, Office of Nuclear Regulatory Research\nCorenthis B. Kelley, Director, Office of Small Business and Civil Rights\nJames T. Wiggins, Director, Office of Nuclear Security\n  and Incident Response\nWilliam M. Dean, Acting Regional Administrator, Region I\nVictor M. McCree, Regional Administrator, Region II\nMark A. Satorius, Regional Administrator, Region III\nElmo E. Collins, Jr., Regional Administrator, Region IV\n\x0c                                                                      Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nEXECUTIVE SUMMARY\n\n        BACKGROUND\n\n                 Independent Spent Fuel Storage Installations (ISFSI) are facilities licensed\n                 by the U.S. Nuclear Regulatory Commission (NRC) to store dry casks\n                 containing used nuclear reactor fuel, otherwise known as spent fuel.1\n                 These massive structures typically contain spent fuel assemblies within a\n                 sealed steel canister, which are located in a thick concrete and steel cask\n                 for shielding and protection, and then placed on thick concrete pads for\n                 added strength and stability. These casks can be stored either vertically\n                 or horizontally in concrete storage bunkers.\n\n                 With the anticipated growth of nuclear power in the United States, and the\n                 uncertainty over the permanent storage of spent nuclear fuel at Yucca\n                 Mountain,2 nuclear power plants have a growing need for additional spent\n                 fuel storage capacity to support continued plant operation. ISFSIs are\n                 generally regarded as a safe and practical means to store spent fuel as\n                 they are passive systems that do not require the maintenance of spent\n                 fuel pools.3\n\n                 NRC, which regulates the safe and secure use of nuclear materials,\n                 issues licenses and oversees licensee compliance with regulations for\n                 ISFSI facilities. The first dry storage ISFSI was licensed by NRC in 1986.\n                 As of April 2011, there were ISFSIs storing spent nuclear fuel or preparing\n                 to store spent nuclear fuel in the near term at 57 different locations across\n                 the United States. Of these ISFSI sites, 47 were located at operating\n                 reactors and the remaining 10 were located away from an operating\n                 reactor.\n\n\n\n\n1\n  NRC regulations allow the storage of spent fuel in both pool-type wet storage and dry casks. In 1971,\nthe first ISFSI license was issued to a wet storage facility. This remains the only non-dry cask ISFSI in\nthe United States.\n2\n  Yucca Mountain, Nevada, has been the leading candidate site for a spent nuclear fuel repository since\nthe 1980s. However, in recent years, scientific and political concerns have emerged over the suitability of\nthe location.\n3\n  Spent fuel pools are underwater storage facilities for spent nuclear fuel located within the reactor site.\nThese pools were the most common method to store spent fuel until the emergence of dry cask storage\nin the late 1980s.\n\n\n                                                      i\n\x0c                                                  Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n      Following the terrorist attacks of September 11, 2001, NRC conducted a\n      comprehensive review of its security policies and procedures, including\n      those related to spent fuel storage. NRC recognized the need to\n      reexamine basic assumptions underlying the civilian nuclear facility\n      security and safeguards programs and embarked upon a comprehensive\n      review of these programs. NRC issued advisories and orders to licensees\n      possessing spent nuclear fuel that identified additional security measures\n      and directed licensees to reevaluate the adequacy of their security\n      programs, plans, and procedures.\n\n\nPURPOSE\n\n      The audit objective was to determine the adequacy of NRC\xe2\x80\x99s oversight of\n      ISFSI security.\n\n\nRESULTS IN BRIEF\n\n      While NRC has taken steps to improve its oversight of ISFSI security, and\n      the agency has not experienced any problems with ISFSI security, the\n      Office of the Inspector General (OIG) identified the following opportunities\n      to enhance management of the ISFSI security oversight program:\n\n          Define key ISFSI security office roles and responsibilities.\n          Update the ISFSI security inspection procedure.\n          Train inspectors assigned to assess ISFSI security.\n          Develop a centralized database of ISFSI security-related information.\n\n      OIG acknowledges the agency\xe2\x80\x99s post-September 11, 2001, categorization\n      of ISFSIs as a relatively low security risk and its decision to place security\n      resources on higher risk programs; however, making certain basic\n      improvements in program management will facilitate the continued\n      success of ISFSI security and prevent lapses that could occur in the\n      absence of such improvements.\n\n\n\n\n                                     ii\n\x0c                                                Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nRECOMMENDATIONS\n\n     This report makes recommendations to improve the agency\xe2\x80\x99s ISFSI\n     security program. A list of these recommendations appears on page 14 of\n     this report.\n\nAGENCY COMMENTS\n\n     At an exit conference on April 13, 2011, agency management stated their\n     general agreement with the findings and recommendations in this report.\n     Agency management also provided supplemental information that has\n     been incorporated into this report, as appropriate. As a result, the agency\n     opted not to provide formal comments for inclusion in this report.\n\n\n\n\n                                   iii\n\x0c                                            Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nABBREVIATIONS AND ACRONYMS\n\n       ADAMS   Agencywide Documents Access and Management System\n\n       ASM     Additional Security Measures\n\n       FSME    Office of Federal and State Materials and Environmental\n               Management Programs\n\n       ICM     Interim Compensatory Measures\n\n       ISFSI   Independent Spent Fuel Storage Installation\n\n       NMSS    Office of Nuclear Material Safety and Safeguards\n\n       NRC     U.S. Nuclear Regulatory Commission\n\n       NSIR    Office of Nuclear Security and Incident Response\n\n       OIG     Office of the Inspector General\n\n\n\n\n                               iv\n\x0c                                                                     Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nTABLE OF CONTENTS\n\n        EXECUTIVE SUMMARY ........................................................................ i\n\n        ABBREVIATIONS AND ACRONYMS ................................................... iv\n\n        I.    BACKGROUND .............................................................................. 1\n\n        II.   PURPOSE ...................................................................................... 5\n\n        III. FINDING ......................................................................................... 6\n\n               IMPROVEMENTS ARE NEEDED IN THE ISFSI SECURITY PROGRAM ............ 6\n\n        IV. AGENCY COMMENTS................................................................. 14\n\n\n    APPENDIX\n\n        SCOPE AND METHODOLOGY .......................................................... 15\n\n\n\n\n                                                   v\n\x0c                                                                    Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nI.    BACKGROUND\n\n                Independent Spent Fuel Storage Installations (ISFSI) are facilities licensed\n                by the U.S. Nuclear Regulatory Commission (NRC) to store dry casks\n                containing used nuclear reactor fuel, otherwise known as spent fuel.4\n                These massive structures typically contain spent fuel assemblies within a\n                sealed steel canister, which are located in a thick concrete and steel cask\n                for shielding and protection, and then placed on thick concrete pads for\n                added strength and stability. These casks can be stored either vertically\n                or horizontally in concrete storage bunkers.\n\n\n\n\n            Figure 1. Horizontal dry cask storage at Susquehanna.\n            Source: NRC\n\n\n                ISFSIs can be located in three types of locations: (1) the \xe2\x80\x9cprotected area,\xe2\x80\x9d\n                which is located within the security fence that surrounds a nuclear reactor;\n                (2) the \xe2\x80\x9cowner-controlled area,\xe2\x80\x9d which is the area immediately outside the\n                security fence that surrounds a nuclear reactor; and (3) away from an\n                operating reactor, as in a standalone facility or in a decommissioned\n                reactor site. All ISFSIs, regardless of location, are required to meet\n                certain security standards to protect the facility.\n\n\n\n4\n  NRC regulations allow the storage of spent fuel in both pool-type wet storage and dry casks. In 1971,\nthe first ISFSI license was issued to a wet storage facility. This remains the only non-dry cask ISFSI in\nthe United States.\n\n\n                                                     1\n\x0c                                                                      Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n\n\n    Figure 2. Nuclear Plant Security Zones\n    Source: Nuclear Energy Institute\n\n\n                 With the anticipated growth of nuclear power in the United States, and the\n                 uncertainty over the permanent storage of spent nuclear fuel at Yucca\n                 Mountain,5 nuclear power plants have a growing need for additional spent\n                 fuel storage capacity to support continued plant operation. ISFSIs are\n                 generally regarded as a safe and practical means to store spent fuel as\n                 they are passive systems that do not require the maintenance of spent\n                 fuel pools.6\n\n\n\n\n5\n  Yucca Mountain, Nevada, has been the leading candidate site for a spent nuclear fuel repository since\nthe 1980s. However, in recent years, scientific and political concerns have emerged over the suitability of\nthe location.\n6\n  Spent fuel pools are underwater storage facilities for spent nuclear fuel located within the reactor site.\nThese pools were the most common method to store spent fuel until the emergence of dry cask storage\nin the late 1980s.\n\n\n                                                      2\n\x0c                                                           Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n               NRC, which regulates the safe and secure use of nuclear materials,\n               issues licenses and oversees licensee compliance with regulations for\n               ISFSI facilities. The first dry storage ISFSI was licensed by NRC in 1986.\n               As of April 2011, there were ISFSIs storing spent nuclear fuel or preparing\n               to store spent nuclear fuel in the near term at 57 different locations across\n               the United States. Of these ISFSI sites, 47 were located at operating\n               reactors and the remaining 10 were located away from an operating\n               reactor. Figure 3 is a map of ISFSI locations within the United States.\n\n\n\n\nFigure 3. U.S. ISFSI Map, April 2011\nSource: NRC OIG\n\n\n               Security Requirements\n\n               Following the terrorist attacks of September 11, 2001, NRC conducted a\n               comprehensive review of its security policies and procedures, including\n               those related to spent fuel storage. NRC recognized the need to\n               reexamine basic assumptions underlying the civilian nuclear facility\n               security and safeguards programs, and embarked upon a comprehensive\n               review of these programs. As part of this effort, NRC conducted\n\n\n                                              3\n\x0c                                                                   Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n                assessments of the potential consequences and risks of terrorist attacks\n                on a broad range of licensed facilities and activities, including spent fuel\n                storage. These assessments helped NRC determine where efforts should\n                initially be directed. This prioritization placed ISFSIs low on the priority list\n                based on the robust structure of the ISFSI, and the fact that a majority of\n                the ISFSIs are co-located with nuclear reactor facilities.7\n\n                NRC also issued advisories and orders to licensees possessing spent\n                nuclear fuel that identified additional security measures and directed\n                licensees to reevaluate the adequacy of their security programs, plans,\n                and procedures. In October 2002, NRC issued \xe2\x80\x9cInterim Compensatory\n                Measures (ICM) for Dry Independent Spent Fuel Storage Installations\xe2\x80\x9d to\n                all ISFSI licensees. This document served as the single security order for\n                all ISFSI licensees until 2007, when it was replaced by \xe2\x80\x9cAdditional Security\n                Measures (ASM) for the Protection of Dry Independent Spent Fuel\n                Storage Installations.\xe2\x80\x9d The ASM contains the same requirements as the\n                ICM but was renamed to remove any connotation of a \xe2\x80\x9ctemporary\xe2\x80\x9d status.\n                While licensees that originally received the ICM must comply with that\n                particular order, all ISFSIs licensed subsequent to September 2007 must\n                comply with the ASM.\n\n                NRC Office Responsibilities\n\n                The two primary offices involved in ISFSI security oversight are NRC\xe2\x80\x99s\n                Office of Nuclear Material Safety and Safeguards (NMSS) and the Office\n                of Nuclear Security and Incident Response (NSIR).\n\n                NMSS is responsible for the oversight of safe storage, transportation, and\n                disposal of high-level radioactive waste and spent nuclear fuel. As part of\n                these responsibilities, NMSS implements a regulatory program that\n                includes ISFSI licensing, inspection, and assessment of licensee\n                performance.\n\n                NSIR is the technical support office for the ISFSI security program. NSIR\n                develops overall agency policy and provides management direction for\n                evaluation and assessment of technical issues involving security at\n                nuclear facilities. NSIR is also responsible for developing emergency\n                preparedness policies, regulations, programs, and guidelines for both\n\n7\n  All nuclear reactors were deemed a high priority and therefore the co-located ISFSIs were already\nreceiving additional security requirements by association.\n\n\n                                                    4\n\x0c                                                     Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n          currently licensed nuclear reactors and potential new nuclear reactors.\n          Related to ISFSI security, NSIR writes the security orders and the\n          inspection guidelines and serves as the main point of contact for any\n          technical questions related to the ISFSI security program. Furthermore,\n          NSIR staff have traveled to NRC regional offices to provide training on\n          ISFSI security as well as help conduct ISFSI security inspections.\n\n          Inspection Guidance\n\n          NRC conducts inspections to ensure licensee compliance with regulatory\n          security requirements. ISFSI security inspections are primarily conducted\n          by NRC\xe2\x80\x99s four regional offices, in accordance with Temporary Instruction\n          2690, \xe2\x80\x9cInspection of Additional Security Measures for Dry Cask Storage at\n          Independent Spent Fuel Storage Installation(s).\xe2\x80\x9d Temporary Instruction\n          2690 is not part of the permanent inspection program and will expire in\n          June 2011.\n\n          NRC is currently working to formalize the ISFSI security orders into a\n          regulation through the rulemaking process. The goal of the rulemaking is\n          to update and clarify the regulations to support the current regulatory\n          environment, address insights gained from the previous ISFSI security\n          assessments, and apply a consistent approach across all ISFSIs\n          irrespective of their location. One NRC staff member heavily involved with\n          this effort estimates that this rulemaking process will take an additional 5\n          to 7 years for complete implementation of the regulation.\n\n\n\nII.   PURPOSE\n\n          The audit objective was to determine the adequacy of NRC\xe2\x80\x99s oversight of\n          ISFSI security. The report Appendix contains information on the audit\n          scope and methodology.\n\n\n\n\n                                        5\n\x0c                                                      Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nIII. FINDING\n\n          Improvements Are Needed in the ISFSI Security Program\n\n          While NRC has taken steps to improve its oversight of ISFSI security, and\n          the agency has not experienced any problems with ISFSI security, the\n          Office of the Inspector General (OIG) identified the following opportunities\n          to enhance management of the ISFSI security oversight program:\n\n               Define key ISFSI security office roles and responsibilities.\n               Update the ISFSI security inspection procedure.\n               Train inspectors assigned to assess ISFSI security.\n               Develop a centralized database of ISFSI security-related information.\n\n          OIG acknowledges the agency\xe2\x80\x99s post-September 11, 2001, categorization\n          of ISFSIs as a relatively low security risk and its decision to place security\n          resources on higher risk programs; however, making certain basic\n          improvements in program management will facilitate the continued\n          success of ISFSI security and prevent lapses that could occur in the\n          absence of such improvements.\n\n          Structured and Efficient Programs\n\n          According to Federal Government guidance, including the Government\n          Accountability Office\xe2\x80\x99s \xe2\x80\x9cStandards for Internal Control in the Federal\n          Government,\xe2\x80\x9d a program\xe2\x80\x99s efficiency is dependent on (1) clearly\n          delineated roles and responsibilities of offices and individuals involved to\n          avoid confusion and ensure that people understand their roles and\n          responsibilities, (2) guidance documents to establish management\n          expectations and ensure that all staff involved understand their roles, (3)\n          training to ensure that employees have the skills needed to perform their\n          work, and (4) data that is organized to facilitate use by staff and managers\n          for decisionmaking.\n\n          Improvements in ISFSI Security Program Needed\n\n          NRC has made efforts to strengthen its oversight of ISFSI security since\n          the terrorist attacks of September 11, 2001; however, the program lacks:\n\n\n\n\n                                         6\n\x0c                                                                     Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n                 A. An overarching process document to ensure that the various offices and\n                    entities with ISFSI security program responsibilities are carrying out\n                    their responsibilities efficiently and effectively, especially given the\n                    number of different offices involved.\n\n                 B. A permanent ISFSI security inspection procedure.\n\n                 C. Inspectors trained specifically on ISFSI systems and security.\n\n                 D. A single database of ISFSI security information that is consistently\n                    organized and accessible to inspectors and program managers.\n\n                          (A) Overarching Process Documentation Needed\n\n                  NMSS, NSIR, and the Office of Nuclear Reactor Regulation, along with\n                  four regional divisions, have all played important roles in providing\n                  oversight of ISFSI security. NMSS is responsible for issuing the security\n                  requirements to ISFSI licensees and providing the resources to the\n                  inspectors who conduct the security inspections. NSIR developed and\n                  maintains the additional security requirements over ISFSIs and the\n                  technical guidance used by inspectors to ensure licensee compliance with\n                  security orders. The Office of Nuclear Reactor Regulation issued\n                  Inspection Procedure 81001, \xe2\x80\x9cIndependent Spent Fuel Storage\n                  Installations.\xe2\x80\x9d8 Regional inspectors have the responsibility for ensuring\n                  licensee compliance; however, each NRC regional office determines\n                  which regional inspection group will conduct these inspections. Two\n                  regions utilize inspectors based within the Division of Nuclear Materials\n                  Safety, who have materials safety qualifications (primarily health\n                  physicists), and two regions utilize inspectors based within the Division of\n                  Nuclear Reactor Safety, who have reactor security qualifications.\n\n                  Although staff involved with ISFSI security oversight understand their\n                  roles, there is no process document that outlines the roles and\n                  responsibilities of all offices involved. Without this global perspective,\n                  there are no assurances that lapses do not occur with the shared\n                  responsibilities. The following examples illustrate some of the challenges\n                  and inefficiencies in program management based on the lack of an\n                  overarching process document.\n\n\n8\n    This inspection procedure was issued in 1991 to establish security inspection procedures for ISFSIs.\n\n\n                                                      7\n\x0c                                            Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nExample 1: While NSIR developed the additional security requirements\nover ISFSIs after September 11, 2001, it was NMSS who issued these\nrequirements to licensees through security orders. Licensees were\nrequired to submit responses on their implementation schedules, any\ncompliance issues, and when compliance is achieved. These responses\nwere returned to NMSS; however, NSIR staff, who are the technical\nexperts on the details of the security requirements, were not involved with\nreviewing these responses. NSIR\xe2\x80\x99s involvement with this type of licensee\ncompliance verification only began after NSIR issued Temporary\nInstruction 2690 in 2008.\n\nExample 2: Because the regional offices use different groups of\ninspectors to conduct ISFSI security inspections, there is no single forum\nfor all counterpart ISFSI security inspectors to discuss their findings or\nconcerns. While there are counterpart meetings and weekly telephone\ncalls involving the four regional materials divisions and also involving the\nfour regional reactor divisions, only two groups of ISFSI security\ninspectors attend either meeting. The two regions using reactor-based\ninspectors attend one set of meetings while the two regions using\nmaterials-based inspectors attend the other set of meetings. Therefore,\nall groups involved with ISFSI security do not regularly communicate.\n\nExample 3: During interviews conducted by OIG, one senior NSIR official\nand 26 percent of the 23 regional inspectors and managers interviewed\nreferred to Inspection Procedure 81001 as being part of the ISFSI security\nprogram when, in fact, this inspection procedure was rescinded in 2001.\nFurthermore, it was not until November 2010 that an NSIR manager\ndiscovered that the Office of Nuclear Reactor Regulation had rescinded\nthis inspection procedure in 2001. NSIR managers said they were\nunaware this had occurred and that it had not been communicated to\nthem.\n\n       (B) Inspection Procedure Needed\n\nThe ISFSI security program lacks clear documentation of expectations for\nthe security inspection program. Specifically, there is no inspection\nprocedure related to current ISFSI security requirements. After the\nsecurity orders were issued to licensees beginning in October 2002, NRC\ndid not issue any updated inspection guidance to check licensee\ncompliance until 2008. Currently, inspectors use Temporary Instruction\n2690, \xe2\x80\x9cInspection of Additional Security Measures for Dry Cask Storage at\n\n\n                               8\n\x0c                                           Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nIndependent Spent Fuel Storage Installation(s),\xe2\x80\x9d to evaluate licensee\ncompliance with the related security orders. This temporary instruction\nrequires inspectors to conduct only an initial security inspection on all\nISFSI licensees, but does not mandate any additional inspections or\nreviews to ensure compliance.\n\nFurthermore, Temporary Instruction 2690 provides only basic information\non how to conduct the inspection and does not clearly define what\nlicensee measures would satisfy the security requirements. For example,\nit states that inspectors should \xe2\x80\x9cverify that the licensee performed\nsufficient analyses.\xe2\x80\x9d The use of \xe2\x80\x9csufficient\xe2\x80\x9d is subjective and up to\nindividual inspector interpretation to determine if a licensee\xe2\x80\x99s actions\naddress the intent of the security requirements. As a result, some\nlicensees said that they have observed regional differences in how\ninspections are conducted and the level of review conducted by the\ninspectors.\n\nOne NSIR official and several inspectors commented that the temporary\ninstruction lacks sufficient specificity. The NSIR official stated that the\ntemporary instruction leaves too much to the inspector\xe2\x80\x99s discretion.\nAccording to the NSIR official, the instructions are not descriptive or\nprecise enough, which allows differing interpretations by inspectors with\ndifferent backgrounds. A regional inspector told OIG he would like to see\nan established inspection frequency, as well as guidance, to help\ninspectors understand expectations. Two other inspectors stated that\nspecific examples are needed in the inspection guidance to help\ninspectors determine if licensee actions meet the security requirements.\n\nNSIR has made significant strides toward developing more detailed\nguidance documentation. A long-term effort is underway to establish a\nregulation to formalize the security requirements over ISFSIs through the\nrulemaking process. In the meantime, NSIR has been working to reinstate\nInspection Procedure 81001 to provide more extensive, formal guidance\nfor ensuring licensee compliance with ISFSI security orders. This\nreinstated inspection procedure will also establish a regular inspection\nfrequency. NSIR anticipates this inspection procedure will be\nimplemented in June 2011, when Temporary Instruction 2690 expires.\n\n\n\n\n                              9\n\x0c                                           Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n      (C) Formal Qualification Program Needed\n\nThere is no established qualification program to train and qualify\nindividuals as \xe2\x80\x9cISFSI security\xe2\x80\x9d inspectors. Each region makes\ndeterminations on who should conduct ISFSI security inspections. While\nthe individuals selected to conduct ISFSI security inspections have been\nqualified as inspectors under at least one of NRC\xe2\x80\x99s two inspector\nqualification programs, neither of the programs focuses specifically on\nISFSI security. NRC\xe2\x80\x99s two qualification programs focus on different\naspects of regulation and inspection:\n\n   Inspection Manual Chapter 1246, \xe2\x80\x9cFormal Qualification Programs in\n   the Nuclear Material Safety and Safeguards Program Area,\xe2\x80\x9d outlines\n   training and qualification requirements for those inspecting materials\n   safety.\n\n   Inspection Manual Chapter 1245, \xe2\x80\x9cQualification Program for Operating\n   Reactor Programs,\xe2\x80\x9d outlines training and qualification requirements for\n   those inspecting reactor security.\n\nConsequently, inspectors qualified under Inspection Manual Chapter 1246\nlack detailed training of the security environment related to ISFSIs. One\ninspector qualified under Inspection Manual Chapter 1246 stated that\nsecurity is a very specialized area and that these inspections are not\nsomething that can just be added on to his duties as a materials inspector.\nThe inspector said that security is too important an area to have\nunqualified people performing inspections as non-experts cannot identify\nsecurity weaknesses or vulnerabilities. A different inspector with a\nmaterials background said that he is not completely comfortable with\nconducting inspections on ISFSIs located within the protected area\nbecause he feels he needs more training in that area.\n\nInspectors qualified under Inspection Manual Chapter 1245 lack detailed\ntraining on ISFSI systems and equipment. Several inspectors qualified\nunder Inspection Manual Chapter 1245 stated that having some sort of\ntraining course with basic information and guidance related to ISFSIs\nwould be useful.\n\n\n\n\n                             10\n\x0c                                                                      Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n                Of the 23 regional inspectors and managers interviewed, 18 said they\n                believe there should be some form of ISFSI security training. One\n                regional manager remarked that there should be a formalized ISFSI\n                security training program as ISFSIs are unique and do not fall exclusively\n                under reactors or materials.\n\n                NSIR has recently initiated discussions to establish a formal \xe2\x80\x9cISFSI\n                security\xe2\x80\x9d inspector qualification program. One NRC manager involved\n                with the project stated that NSIR plans to develop individual-based training\n                requirements based on the inspectors\xe2\x80\x99 previous qualifications. Those\n                inspectors qualified under Inspection Manual Chapter 1246 would be\n                required to take additional training courses that include different security\n                aspects, while those inspectors qualified under Inspection Manual Chapter\n                1245 would be required to take additional training courses that focus on\n                the design and functionality of ISFSIs. This effort is in an early stage and\n                an NSIR manager estimates that it will take approximately 2 years to\n                establish any formal qualification program.\n\n                         (D) Centralized Repository Needed\n\n                There is no centralized database that contains ISFSI security-related\n                information. Currently, ISFSI security-related information is located in\n                multiple database systems. Specifically, security orders issued and\n                individual licensee responses to these orders are located within the\n                Agencywide Documents Access and Management System (ADAMS), one\n                of NRC\xe2\x80\x99s electronic recordkeeping systems. However, if any of this\n                information is considered Safeguards Information,9 it may not be stored\n                within ADAMS, but instead must be stored in the agency\xe2\x80\x99s new electronic\n                Safeguards Information filing system. Furthermore, easy retrieval of ISFSI\n                information within ADAMS is not always possible. ISFSI information is\n                usually stored within ADAMS by the unique ISFSI license number;\n                however, since a majority of ISFSIs are co-located with reactors, the\n                related ISFSI information is sometimes stored under the reactor license\n                number. One inspector stated that his region\xe2\x80\x99s reports are filed under the\n                reactor license number because the ISFSI inspection was performed in\n                conjunction with a reactor security inspection.\n\n\n9\n Safeguards Information is a special category of sensitive unclassified information authorized by the\nAtomic Energy Act of 1954. Safeguards Information is protected similar to Government classified\nconfidential information and significantly more than other sensitive unclassified information (e.g., privacy\nand proprietary information).\n\n\n                                                     11\n\x0c                                            Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\nWithout a centralized repository, inspectors are unable to quickly and\neasily research information prior to performing security inspections. One\nNRC official stated that when conducting security inspections, it is\nimportant to do some prior research such as reviewing security orders\nissued to that site and the licensee\xe2\x80\x99s response as to how the licensee will\ncomply with these requirements. Because there is no organized way of\nfinding such information, individual inspectors must take time to try to\nlocate related information stored within multiple systems, including\nADAMS and the electronic Safeguards Information filing system. Another\nheadquarters employee stated that the Safeguards Information located in\nthis system can be very difficult to find because it is not categorized well.\nFurthermore, a regional branch chief remarked that there have been\ninstances where the licensee had documents or information related to\ntheir site that NRC should have had, but did not have, in its records.\n\nIn October 2005, NMSS developed an office instruction, SFPO-17,\n\xe2\x80\x9cIssuance, Processing, and Tracking of Security-Related Orders,\xe2\x80\x9d that\nrequired NMSS to track the status of all security-related orders issued to\nmaterials licensees in a centralized database. This database was to help\ntrack the status of licensee compliance with security orders. However, 1\nyear later, in October 2006, NMSS was divided to create an additional\nNRC office, the Office of Federal and State Materials and Environmental\nManagement Programs (FSME). As a result, the responsibility of\nmaintaining the new database shifted from NMSS to FSME. While the\ndatabase contained some ISFSI information, no new ISFSI information\nwas entered into the system after the database responsibility was\ntransferred.\n\nWhile the 2005 effort to organize ISFSI security information was never\ncompleted, NSIR has begun a new effort to organize and centralize\nsecurity-related ISFSI information. Specifically, NSIR has created a\nSharePoint site, which is an online centralized database for document\nsharing. However, the success of this database depends on the input and\nparticipation of the staff involved with the program.\n\nISFSI Security Program Has Been a Low Priority\n\nNRC lacks (a) a single entity to facilitate coordination among the various\noffices with roles pertaining to ISFSI security, (b) a permanent inspection\nprocedure, (c) ISFSI security training for inspectors, and (d) a centralized\n\n\n\n                              12\n\x0c                                           Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\ndatabase with ISFSI security information because the ISFSI security\nprogram has been a low priority. In the aftermath of September 11, 2001,\nNRC deemed ISFSI security to be a relatively low risk area, especially\nwhen compared to operating reactors. Steps were taken to increase the\nsecurity requirements of ISFSI licensees; however, additional steps are\nneeded to make this low priority program as efficient and effective as\npossible.\n\nAgency managers also explained that the ISFSI security program has not\ndeveloped further because of significant knowledge loss within NSIR due\nto staffing issues. In conducting numerous interviews with NRC staff and\nmanagement, it was noted that the main individual involved with ISFSI\nsecurity within NSIR unexpectedly passed away in 2009. This was a\nsignificant loss for the ISFSI security group as this individual was the\nsubject matter expert and most of his knowledge and vision for the\nprogram had not been transferred or documented. Over the past couple\nof years, NSIR staff have attempted to replace the lost knowledge through\neducating new staff and better documenting and organizing policies and\ndecisions made. However, the ISFSI security program has suffered\nadditional staff turnover, which has further impeded the group\xe2\x80\x99s progress.\n\nLack of Efficient Management\n\nBy implementing several basic program management improvements, NRC\nwill promote coordination and efficient management of the ISFSI security\nprogram. Without overarching program coordination, well-documented\nroles and responsibilities, inspection guidance, a comprehensive training\nprogram, and a centralized repository of security-related ISFSI\ninformation, there is no clear basis for timely and fully informed decisions\nwhich could result in licensee non-compliance with security requirements.\nThis could negatively impact NRC\xe2\x80\x99s mission to ensure adequate protection\nof public health and safety, promote the common defense and security,\nand protect the environment.\n\n\n\n\n                             13\n\x0c                                                     Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n\n         Recommendations\n\n         OIG recommends that the Executive Director for Operations:\n\n         1.    Develop and implement an overarching process document that\n              defines and clearly documents the roles and responsibilities of all\n              offices involved with ISFSI security.\n\n         2.   Develop and implement a comprehensive ISFSI security inspection\n              procedure which includes a defined frequency for inspections to\n              occur.\n\n         3.   Develop and implement a formal ISFSI security qualification program.\n\n         4.   Develop and implement a centralized repository of relevant ISFSI\n              security information.\n\nIV.   AGENCY COMMENTS\n\n         At an exit conference on April 13, 2011, agency management stated their\n         general agreement with the findings and recommendations in this report.\n         Agency management also provided supplemental information that has\n         been incorporated into this report as appropriate. As a result, the agency\n         opted not to provide formal comments for inclusion in this report.\n\n\n\n\n                                       14\n\x0c                                                   Audit of NRC\xe2\x80\x99s Oversight of ISFSI Security\n\n                                                                           Appendix\nSCOPE AND METHODOLOGY\n\n       Auditors evaluated the adequacy of NRC\xe2\x80\x99s oversight over ISFSI security.\n       The audit team reviewed relevant criteria, including \xe2\x80\x9cInterim\n       Compensatory Measures (ICM) for Dry Independent Spent Fuel Storage\n       Installations\xe2\x80\x9d; \xe2\x80\x9cAdditional Security Measures (ASM) for the Protection of\n       Dry Independent Spent Fuel Storage Installations\xe2\x80\x9d; \xe2\x80\x9cPhysical Protection of\n       Dry Independent Spent Fuel Storage Installations\xe2\x80\x9d; Inspection Procedure\n       81001, \xe2\x80\x9cIndependent Spent Fuel Storage Installations\xe2\x80\x9d; and Temporary\n       Instruction 2690, \xe2\x80\x9cInspection of Additional Security Measures for Dry Cask\n       Storage at Independent Spent Fuel Storage Installation(s).\xe2\x80\x9d\n\n       At NRC headquarters, in Rockville, MD, auditors interviewed NSIR and\n       NMSS staff and managers to gain an understanding of their roles and\n       responsibilities in the oversight of ISFSI security. Auditors also traveled to\n       and interviewed NRC staff and management located in Region I (King of\n       Prussia, PA), Region II (Atlanta, GA), Region III (Lisle, IL), and Region IV\n       (Arlington, TX). Additionally, at Nuclear Energy Institute headquarters\n       (Washington, D.C.), OIG interviewed representatives from the Nuclear\n       Energy Institute and various licensees on their involvement within the\n       ISFSI security program. Furthermore, auditors observed an ISFSI security\n       inspection at Palo Verde Nuclear Generating Station located outside\n       Phoenix, AZ.\n\n       We conducted this performance audit at NRC headquarters and in the four\n       NRC regional offices from September 2010 through January 2011 in\n       accordance with generally accepted Government auditing standards.\n       Those standards require that the audit is planned and performed with the\n       objective of obtaining sufficient, appropriate evidence to provide a\n       reasonable basis for any findings and conclusions based on the stated\n       audit objective. OIG believes that the evidence obtained provides a\n       reasonable basis for the report findings and conclusions based on the\n       audit objective. Internal controls related to the audit objective were\n       reviewed and analyzed. Throughout the audit, auditors were aware of the\n       possibility or existence of fraud, waste, or misuse in the program. The\n       work was conducted by Beth Serepca, Team Leader; Rebecca Underhill,\n       Audit Manager; Maxinne Lorette, Senior Auditor; and Michael Blair,\n       Management Analyst.\n\n\n\n\n                                     15\n\x0c'